VMware Networking for Network Admins

Captions
Hi everyone, my name is Tony Burke. I am a trainer concentrating mostly on data center technologies, and also a skydiving instructor, but that's a different set of videos. Today I wanted to talk to you about VMware networking, specifically for the network engineer: how we connect VMware hypervisor hosts, ESXi hosts, into our network.

So let's start off with a couple of basics. We have a hypervisor. There are basically two ways to hook up an ESXi host to your network: either through a link aggregation group, a LAG, or through something that is called many different things by different people, but the best term I can think of is MAC pinning, because it pretty well describes what we're talking about. Both of those have some commonalities, so let's go over that real quick.

We have our hypervisor host; a lot of times we just call it ESXi, or the vSphere hypervisor. Every one of these hypervisors is going to have a vSwitch. There are two primary types of vSwitches in the VMware world (three if you include NSX, but we're not going to talk about NSX here; we're going to talk about just standard networking with VMware): a standard virtual switch and a distributed virtual switch. They function pretty much the same. The biggest difference between the SVS, the standard virtual switch, and the DVS, the distributed virtual switch, is that the DVS is configured in one place, in vCenter, while the standard virtual switch is configured in each of the hypervisors by itself. So the DVS is a little bit easier to work with, because you configure port groups in one place and then that configuration gets pushed to all of the other hypervisors, whereas with the standard virtual switch you have to go into each of the hypervisors and configure the networking. Last time I checked, at least, in order to use the distributed virtual switch you have to have the Enterprise Plus license, but that information may be out of date.

Either way, we have a vSwitch here. Whether it's a standard vSwitch or a distributed virtual switch, from the perspective of the hypervisor by itself they both function pretty much the same, with one exception which we'll talk about later. So I've got my vSwitch, and of course we're going to have some network interfaces. VMware calls the physical NICs the vmnics, so this is going to be vmnic0 (they start the numbering with zero) and this is going to be vmnic1. Those are the physical NICs. We will also, of course, have some virtual machines, and the VM itself is going to have a vNIC. So that's a vNIC there, and the physical NIC is the vmnic. I don't know why; it's kind of confusing. I would think "vmnic" means the NIC on the VM, but don't ask me. Well, they didn't ask me when they were naming these things; I would have named them something different.

Every vSwitch, like any other access layer switch in the data center, is going to have uplinks. You have to have at least one uplink for the vSwitch to be able to communicate with the outside world. In this case we're going to have two for redundancy, which is fairly common these days; it's typically two 10 gigabit or 25 gigabit Ethernet interfaces. We don't plug the VM directly into the vSwitch; we plug it into a port group. We'll call this port group "web" and this port group "DB". It's just a name; web and DB both function the same, that's just the label for the port group itself. The port groups act the same. We plug into a virtual port on the port group, so here's another VM and here's the NIC that plugs into that virtual port (I'll use the same color on both sides). That's the virtual port, and it has a virtual port ID, just like a switch has a switch port ID. So those are the basics.

The port groups themselves pretty much act like VLANs, or at least you can equate them in just about every way to a VLAN. In fact, in order to get the port group communication up into the switches that we plug into, we typically will tag a VLAN ID on the uplink. So each port group will get a VLAN ID: this will be VLAN 10, this will be VLAN 20. Port groups typically will have unique VLAN IDs; sometimes they might share them for whatever reason, but in this case each port group is going to have its own VLAN ID, and that should provide communication. Now, by default these two VMs (let's give them numbers, VM1 and VM2) cannot communicate with each other, because they're on different port groups, just like two VMs couldn't communicate with each other if they were on two different VLANs unless we had something like a default gateway or some sort of layer 2 bridge to allow them to communicate. We haven't configured anything like that here, so right now they're isolated. If I had another VM and I put it into one of those port groups, then those two VMs could talk; right now none of them can talk. So let's go ahead and add another VM here, VM3, with a vNIC.

Now, you could have multiple vNICs on a system. We don't usually, because it doesn't help with redundancy to have two virtual NICs; they're both virtual constructs anyway, so it doesn't really help. But you might have one vNIC connected to one port group and another vNIC connected to another port group for whatever reason. Most of the time, I would say 95 to 99 percent of the time, every VM only has one vNIC, although there may be reasons why you have multiple ones. Especially in the networking world, a lot of our network appliances typically will have NICs on multiple port groups, and that's fine.

So there are two different ways that we can plug into the network. Number one is LAG, a link aggregation group. You might have heard it as 802.3ad, you may have heard it as a port channel, you may have (probably erroneously) heard it as LACP. Now, a LAG can have LACP; that would be a dynamic LAG. But a LAG does not denote LACP. In fact, there are plenty of LAGs that do not have LACP, and the default mode of a virtual switch does not use LACP; it's just a static LAG. The other way, again, has many different names, and the one I like the best is MAC pinning, because it gives a very good representation of what it does: we're pinning a MAC to an uplink.

So the LAG works like this. Here's my ESXi host. I'm going to draw the vSwitch again (I'll use dark green for that; I'm trying to keep the colors consistent here, but I don't always remember which colors I used). So here's my vSwitch, and I'm going to have some port groups (what did I use? Yeah, pink, a red color). I have some VMs here in a bright green, and they're going to have their NICs, the vNICs, plugged into port groups. The vSwitch is going to have some vmnics, some uplinks, and those vmnics are going to be plugged into upstream switches. In this case it's going to be an MLAG, multi-chassis link aggregation, or MC-LAG. It's also my rap name: my name is MC LAG, and my flows be divided across links by a hash of their headers, and they also be fresh. We would draw it like that. Now, depending on your products you might have links between the two switches or you might not; for example, ACI does not have that, the inter-switch connections go over the spine, but that's not important. What is important is that no matter the technology, whether it's LAG, MLAG, MC-LAG, vPC, whatever, these two switches are acting like a single logical path. There are two switches that have a shared control plane for forwarding, so a frame might enter this switch or a frame might enter that switch; packets come in and they get to their destination.

For traffic leaving the VMs (I'll pick a different color here), let's say we're leaving this VM right here. The switch will do a hash based on the source IP. In fact, in this mode, if you go into VMware you don't see "LAG" anywhere in the drop-down menu for the virtual switches; it doesn't say LAG, it says "route based on IP hash". So it takes a hash of the source IP address or a hash of the destination IP address, and it only hashes the last octet, at least as of 6.7; I don't know about 7.0. But typically we just hash the last octet; it doesn't do anything with the first three octets in an IPv4 address, it just hashes the last octet. Some flows will go up this switch and some flows will go up that switch, and then the same thing for traffic inbound: some traffic can come in this direction and some traffic can come in that direction, and they both get delivered to the same place. So that's a LAG; it works pretty much how you expect.

We also have the option of doing MAC pinning. In fact, I'm going to cheat here; let's see if I can get this to work with a big old cut and paste, duplicate and move it over. Let's see how that worked. Yeah, very nice, okay, that saved me a little bit of drawing. Let me just clear out that LAG part, because we're not going to build a LAG with MAC pinning. In this case these two switches would probably (not always; again, if you're doing ACI they're not connected to each other, but with most other technologies they are) be connected with each other. Let me type in "vSwitch"... okay, I can't write vSwitch. And then I've got my vNIC here and it's plugged into a port group. All right, so on the MAC pinning side we're not building a LAG, so on the two switches we don't put them into (or we don't have to put them into) vPC mode; you can for other interfaces, but we are treating these basically like just traditional interfaces. They might trunk VLANs, so they might have 802.1Q over them; they probably will have 802.1Q over them, because typically multiple port groups means multiple VLANs.

But how we divide traffic up is that we pin the MAC address. So let's say the MAC address for this VM, I'm going to say the last octet is AA, and the MAC address for this VM is BB, to make this work a little bit better (well, it doesn't matter). So when AA sends a packet out the vSwitch (or we're talking about frames here really, because we're only doing layer 2 at this point; these switches in VMware only do layer 2 unless you do NSX, and even then it's a different discussion), the Ethernet frame leaves the host and it gets pinned to one uplink or another, or if you have three uplinks it'll get pinned to one of the three. Here I'm just using two, because that's the most common number of NICs we have. So we learn AA over here. Actually, I'm going to draw a link over these two, so that'll be a LAG there, and the other switch is going to learn AA through its LAG link right here, and vice versa. So let's say BB gets pinned to this uplink, and the first switch is going to learn the BB MAC address on that LAG link. So every virtual port gets pinned. Any of the MAC addresses on a virtual port (and for all effective purposes, for 99.9% of VMs, the vNIC is only going to have one MAC address on it) are going to get pinned to one of the uplinks. The only difference there is if it's an HA setup; then you will probably have two MACs, one will be the real MAC and one will be a vMAC for the floating IP address, if you have something like HA going on. So we're basically pinning the virtual port ID to a specific uplink. All traffic for this VM right here, for the AA VM, is only going to go over that uplink unless that uplink dies; then it will fail over to the surviving uplink.

This is all of the other options in the drop-down menu in VMware other than "route based on IP hash". Some of them do MAC hashing, some of them say "route based on virtual port ID", and then there's one for NIC load, and a couple of others possibly depending on the version you have, but they're all basically doing some variation of this. The only one that actually sets up a LAG and requires that you set up a LAG on the upstream switches is "route based on IP hash". So it's a little bit confusing for a lot of network engineers, because there's not a clear thing saying "hey, we're setting up a LAG right here". Everything else is MAC pinning; "route based on IP hash" is the LAG part.

Now the MAC pinning is interesting. One quick note on both of these: it's safe to turn on portfast so that these interfaces go into forwarding mode immediately. These vSwitches actually don't do any spanning tree, so they basically look like a single host that just happens to have a lot of MAC addresses on the other end, so we can treat it like an edge port. "spanning-tree port type edge" works fine, or "port type edge trunk"; I can never remember the syntax. Anyway, portfast, edge port.

The interesting one is how we do traffic division with MAC pinning, because there are some interesting things that are worth taking a look at, at least from a networking perspective. So again, here we have our vSwitch. I'm going to draw one port group on this one, so here's a port group. I have a couple of VMs, here are our vNICs, so this is VM A and this is VM B; they're plugged into virtual ports, and of course we have our physical uplinks, the vmnics, and then we have our switches that are plugged into each other. If you look at this and you're a network engineer and you're not familiar with how VMware does its networking, you might think, okay, which version of spanning tree are we using? Because this looks like the classic drawing of a loop: 1, 2, 3, and they're all connected. That looks like a loop, but it doesn't create a loop. You ask what version of spanning tree we're using, and the answer is there's no spanning tree running here. What happens is there is a split horizon on the vSwitch, so the uplinks are treated differently than the downlinks. We have some networking devices that do this too; for example, if you have the fabric interconnects from Cisco, then those devices act like this: they have the uplink ports and the downlink ports, and there's a split horizon between them.

So what do I mean by that? Well, for example, let's talk about BUM frames: broadcast, unknown unicast, multicast. They are going to be sent down these links, because the standard rules of Ethernet forwarding are that you get a BUM frame on one interface, you spit it out all the other ones. So the same BUM frames are going to come down both of these interfaces. One of these is going to be designated the BUM interface, so all BUM traffic on the other interfaces, whether it's one other interface or ten other interfaces, is going to get dropped at that NIC, and only the BUM frames from the designated BUM interface are actually going to get sent to the hosts. That's one thing; BPDUs get sent that way also. Another thing that happens is any packet that comes down this link won't go up the other link. So this vSwitch is not behaving like a traditional switch in terms of "if you get a BUM frame then you're supposed to broadcast it out all the other interfaces". It will broadcast it to the down-facing interfaces, the host-facing interfaces; it will not broadcast it up the other uplinks. So it doesn't regurgitate them like a traditional switch does, and in that regard we're not actually creating a loop, because there's only one logical path from this VM to any MAC address on the other side. So while both NICs are active, we have an active/active scenario, it's active/standby from the perspective of each of the VMs itself.

So I hope that was a neat little tour of virtual networking in VMware. This is for the standard virtual switch and the distributed virtual switch; NSX is a little bit different of a beast, so I won't include it in this video. If you like this video, please let me know down in the comments. If you have any questions about this, please let me know down in the comments; the questions help me come up with new ideas for more videos like this. Thank you for watching. Again, my name is Tony Burke.
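As an added illustration (not the speaker's or VMware's code), here is a small Python model of the two uplink families and the split-horizon rule described in the talk: "route based on IP hash" spreading flows across a LAG, virtual-port pinning with failover, and BUM frames accepted only from the designated uplink and never re-flooded upstream. The XOR-of-last-octets hash, the port-ID-to-uplink mapping and the BUM re-election are simplifying assumptions of this model, not a statement of ESXi's exact algorithm.

```python
"""Toy model of the ESXi vSwitch behaviours described above (added example, not VMware code)."""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class VSwitch:
    uplinks: List[str]                               # physical vmnics in order, e.g. vmnic0, vmnic1
    failed: Set[str] = field(default_factory=set)    # uplinks whose link is currently down
    bum_uplink: Optional[str] = None                 # uplink designated to deliver inbound BUM frames

    def live(self) -> List[str]:
        return [u for u in self.uplinks if u not in self.failed]

    def uplink_ip_hash(self, src_ip: str, dst_ip: str) -> str:
        """'Route based on IP hash' (static LAG required upstream). Assumed hash:
        XOR of the last IPv4 octets, modulo the number of live uplinks."""
        live = self.live()
        h = int(src_ip.rsplit(".", 1)[1]) ^ int(dst_ip.rsplit(".", 1)[1])
        return live[h % len(live)]

    def uplink_port_id(self, port_id: int) -> str:
        """MAC pinning ('route based on originating virtual port'): the virtual
        port stays on one uplink and only moves when that uplink dies."""
        preferred = self.uplinks[port_id % len(self.uplinks)]
        return preferred if preferred not in self.failed else self.live()[0]

    def designated_bum_uplink(self) -> str:
        """The BUM-designated uplink; assumed to move to the first live uplink if it fails."""
        if self.bum_uplink and self.bum_uplink not in self.failed:
            return self.bum_uplink
        return self.live()[0]

    def flood_from_uplink(self, ingress: str, vm_ports: List[int]) -> List[int]:
        """Split horizon: a BUM frame arriving on an uplink is delivered to the VM
        ports only if it came in on the designated BUM uplink; copies arriving on
        the other uplinks are dropped, and nothing is ever re-sent up an uplink."""
        return list(vm_ports) if ingress == self.designated_bum_uplink() else []

    def flood_from_vm(self, port_id: int, vm_ports: List[int]) -> Tuple[List[int], str]:
        """A VM's BUM frame goes to the other VM ports and out exactly one uplink
        (the port's pinned one), so each VM has a single logical path upstream."""
        return [p for p in vm_ports if p != port_id], self.uplink_port_id(port_id)


if __name__ == "__main__":
    vs = VSwitch(["vmnic0", "vmnic1"], bum_uplink="vmnic0")   # constructed two-uplink host
    print(vs.uplink_ip_hash("10.0.0.10", "10.0.0.20"), vs.uplink_port_id(3))
    vs.failed.add("vmnic1")                                   # simulate a link failure
    print(vs.uplink_port_id(3), vs.designated_bum_uplink())
```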
Info
Channel: Tony B
Id: RfUwdIxiVUw
Length: 19min 32sec (1172 seconds)
Published: Fri Jun 19 2020